Hi Guys,
Researchers from the School of Cyber Security at Korea University in Seoul have developed a new covert channel attack, Casper, which can steal data from air-gapped computers using the computer’s internal speaker. Although this attack is not likely to affect most people, it highlights the vulnerability of even the most secure systems in the world. This article will explain what an air-gapped computer is and how the Casper attack works.
What is an air-gapped computer?
An air-gapped computer is a device that is physically disconnected from the internet or any other network. This isolation makes it highly secure since hackers cannot remotely access the computer. However, hackers can still infect air-gapped computers by physically accessing them and introducing malware. This is where Casper comes in.
What is Casper and how does it work?
Casper uses the internal speaker of an air-gapped computer as a data transmission channel, emitting high-frequency audio that the human ear cannot hear. A microphone up to 1.5 meters away, for example in a smartphone or laptop in the same room, then picks up the signal. By encoding the data in binary or Morse code, the malware can autonomously exfiltrate data from the target, including passwords and sensitive files.
The researchers tested the model using a Linux-based computer as the target and a Samsung Galaxy Z Flip 3 as the receiver. They achieved a maximum reliable transmission bit rate of 20 bits/s. Although slow, this rate is enough for the malware to transmit an 8-character password in about 3 seconds and a 2048-bit RSA key in 100 seconds.
How do you defend against Casper?
To defend against Casper, the researchers recommend removing the internal speaker from mission-critical computers. If that’s impossible, implementing a high-pass filter to keep all generated frequencies within the audible sound spectrum can block ultrasound transmissions.
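Where the speaker has to stay, a monitoring microphone in the room can at least check for the kind of signal described above. The following is an added example, not code from the researchers or from this newsletter: it measures how much of each 20 ms audio frame's energy sits in a near-ultrasonic band. The 48 kHz sample rate, the 17-20 kHz band, the 0.2 threshold and all function names are assumptions chosen for illustration.

```python
import math

# Assumed parameters (not from the article): 48 kHz capture, 20 ms frames,
# and 17-20 kHz as the "inaudible" band to watch.
RATE, FRAME, BAND = 48_000, 960, (17_000, 20_000)

def goertzel_power(frame, k):
    """|X[k]|^2 of one DFT bin, computed with the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(frame))
    s1 = s2 = 0.0
    for x in frame:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_fraction(frame, rate=RATE, band=BAND):
    """Fraction of the frame's energy that lies inside `band` (0.0 to 1.0)."""
    n, total = len(frame), sum(x * x for x in frame)
    if total == 0.0:
        return 0.0
    k_lo = math.ceil(band[0] * n / rate)
    k_hi = math.floor(band[1] * n / rate)
    in_band = sum(goertzel_power(frame, k) for k in range(k_lo, k_hi + 1))
    return 2.0 * in_band / (n * total)  # Parseval, one-sided spectrum

def scan(samples, rate=RATE, frame_len=FRAME, threshold=0.2):
    """Return (start_ms, fraction) for frames whose in-band share >= threshold."""
    hits = []
    for start in range(0, len(samples) - frame_len + 1, frame_len):
        frac = band_fraction(samples[start:start + frame_len], rate)
        if frac >= threshold:
            hits.append((start * 1000 // rate, round(frac, 3)))
    return hits

def constructed_sample(rate=RATE):
    """Constructed test audio: 0.3 s of a 500 Hz tone, with an 18.5 kHz tone
    mixed in between 0.10 s and 0.20 s."""
    out = []
    for i in range(rate * 3 // 10):
        x = 0.3 * math.sin(2 * math.pi * 500 * i / rate)
        if rate // 10 <= i < rate // 5:
            x += 0.3 * math.sin(2 * math.pi * 18_500 * i / rate)
        out.append(x)
    return out

if __name__ == "__main__":
    for start_ms, frac in scan(constructed_sample()):
        print(f"{start_ms} ms: {frac:.0%} of energy in {BAND[0]}-{BAND[1]} Hz")
```

In a real room the threshold and band would need tuning against the normal background, since some electronics emit high-frequency noise of their own.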
You can read the full research document HERE.
All the best, and have a great day 🙂
Max Roberts,
Incognito Privacy Care Team.